CVE-2023-53077: 
Linux Kernel vulnerability analysis and mitigation

CVE-2023-53077 is a vulnerability discovered in the Linux kernel, specifically affecting the drm/amd/display component. The issue was identified and disclosed on May 2, 2025. The vulnerability occurs in the CalculateVMAndRowBytes function when PTEBufferSizeInRequests is zero, causing unexpected behavior in the kernel's display handling system (NVD, Wiz).

The vulnerability manifests when PTEBufferSizeInRequests is zero, causing dml_log2 to return an unexpected negative value. This results in a shift exponent of 4294966273, which exceeds the bounds for a 32-bit integer type. The issue was initially detected through UBSAN (Undefined Behavior Sanitizer) warnings. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (Red Hat).

The vulnerability primarily affects the AMD display driver component in the Linux kernel. While the full extent of the impact is not comprehensively documented, the issue could potentially lead to undefined behavior in the kernel's display handling system (Wiz).

The vulnerability has been patched in multiple Linux kernel versions. The fix involves modifying the code to skip the dml_log2() calculation and directly assign the result when PTEBufferSizeInRequests is zero. Fixed versions include Linux kernel 5.10.223-1 for Debian bullseye, 6.1.129-1 for bookworm, and 6.12.22-1 for trixie (Debian Tracker).